|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: how to close security holes from nessus vulnerability scan report ?
From: Chew Poh Chang (CAPL) (pcchew
CSAH.COM)Date: Thu Jul 06 2000 - 04:13:37 CDT
- Next message: Elias Levy: "Re: ftpd: the advisory version"
- Previous message: Ejovi Nuwere: "Re: scan log and subsequent response from the host's ISP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I used nessus to scan for vulnerability on our web server from our internal
net. Some of the extract from the report are listed below.
I would like to know how I can close the security holes presented below.
Look forward to any comment.
Best regards,
Chew Poh Chang
----------------------------------------------------------------------------
-----------------------------------------
1. Vulnerability found on port snmp (161/udp)
SNMP Agent responded as expected with community name: private\
CVE : CAN-1999-0517
2. Vulnerability found on port unknown (32773/udp)
The sadmin RPC service is running.
There is a bug in Solaris versions of
this service that allow an intruder to
execute arbitrary commands on your system.
Solution : disable this service
Risk factor : High
3. Vulnerability found on port unknown (8087/tcp)
The Sambar webserver is running.
It provides a webinterface for configuration purposes.
The admin user has no password and there are some other default
users without
passwords
Everyone could set the HTTP-Root to c:\ and delete your files!
Solution : Change the passwords via the webinterface or use a real
webserver
like Apache.
Risk factor : High
- Next message: Elias Levy: "Re: ftpd: the advisory version"
- Previous message: Ejovi Nuwere: "Re: scan log and subsequent response from the host's ISP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]